Detections
Analytics
VCEM-67-000006 - ESX Agent Manager must generate log records for system startup and shutdown.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Logging must be started as soon as possible when a service starts and as late as possible when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.Solution
Navigate to and open:/etc/vmware/vmware-vmon/svcCfgfiles/eam.json
Below the last line of the 'PreStartCommandArg' block, add the following line:
'StreamRedirectFile' : '%VMWARE_LOG_DIR%/vmware/eam/jvm.log',
Restart the appliance for changes to take effect.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 EAM Tomcat v1r1
References: CAT|II, CCI|CCI-000169, Rule-ID|SV-239377r674625_rule, STIG-ID|VCEM-67-000006, Vuln-ID|V-239377
Plugin: Unix
Control ID: f08fb2d4ecd00578cb982b316b05b6df038195025005f6e4a39c13a0f8769963